{"id":3095,"date":"2021-01-06T23:17:08","date_gmt":"2021-01-06T15:17:08","guid":{"rendered":"https:\/\/learn-house.idv.tw\/?p=3095"},"modified":"2024-11-10T14:57:54","modified_gmt":"2024-11-10T06:57:54","slug":"%e5%9c%a8ubuntu-20-04%e4%b8%8a%e8%a8%ad%e5%ae%9aapache-virtualhost%e5%8a%a0%e5%85%a5lets-encrypt-ssl","status":"publish","type":"post","link":"https:\/\/learn-house.idv.tw\/?p=3095","title":{"rendered":"\u5728Ubuntu 20.04\u4e0a\u8a2d\u5b9aApache VirtualHost\u52a0\u5165Let’s Encrypt SSL"},"content":{"rendered":"

\u6211\u5011\u90fd\u77e5\u9053https\u662f\u4e00\u500b\u5b89\u5168\u7684\u9023\u7dda\u52a0\u5bc6\u6a5f\u5236\uff0c\u4f46\u4e00\u60f3\u5230\u7533\u8acb\u6191\u8b49\u5c31\u9700\u8981\u4ed8\u4e00\u5927\u7b46\u8cbb\u7528\u3002\u82e5\u975e\u662f\u5546\u696d\u7db2\u7ad9\u50cf\u6211\u9019\u6a23\u7684\u500b\u4eba\u7db2\u8a8c\uff0c\u5c31\u6703\u89ba\u5f97\u662f\u4e00\u7b46\u591a\u9918\u7684\u958b\u92b7
\n\u4e0d\u904e\u8fd1\u5e7e\u5e74\u4f86\u51fa\u73fe\u4e86\u4e00\u500b\u540d\u70baLet\u2019s Encrypt<\/a>\u7684\u6578\u4f4d\u6191\u8b49\u8a8d\u8b49\u6a5f\u69cb\uff08CA\uff09\u63a8\u51fa\u514d\u8cbbSSL\/TLS\u6191\u8b49\u670d\u52d9
\n\u4e0d\u904e\u7f3a\u9ede\u5c31\u662f\u6191\u8b49\u7684\u6548\u671f\u53ea\u6709\u4e09\u500b\u6708\uff0c\u4e5f\u5c31\u662f\u8aaa\u6bcf\u4e09\u500b\u6708\u8981\u66f4\u65b0\u4e00\u6b21\uff0c\u4f46\u5225\u64d4\u5fc3\u6709\u81ea\u52d5\u66f4\u65b0\u6a5f\u5236\u3002\u6240\u4ee5\u65e2\u7136\u662f\u514d\u8cbb\u7684\uff0c\u56e0\u6b64\u672c\u4eba\u7684Blog\u5c31\u958b\u59cb\u5f37\u8feb\u8d70https\u9023\u7dda\u56c9~
\n
\n\u7533\u8acb\u548c\u8a2d\u5b9a\u7684\u6b65\u9a5f\u5982\u4e0b\uff1a<\/p>\n

1.\u78ba\u4fdd\u4f60\u7684\u9632\u706b\u7246\u6709\u958b\u901a80\u8207443 port<\/p>\n

sudo ufw allow 80
\nsudo ufw allow 443<\/p><\/blockquote>\n

2.\u5b89\u88ddLet\u2019s Encrypt\u5de5\u5177<\/p>\n

sudo apt install letsencrypt<\/p><\/blockquote>\n

3.\u67e5\u770bcertbot.timer\u662f\u5426\u555f\u52d5\uff0c\u6bcf\u5169\u5929\u6703\u78ba\u8a8d\u4e00\u6b21\u6191\u8b49\u6548\u671f\uff0c\u81ea\u52d5\u5c55\u671f(renewal)30\u5929\u5f8c\u5230\u671f\u7684\u6191\u8b49<\/p>\n

sudo systemctl status certbot.timer<\/p><\/blockquote>\n

4. \u53d6\u5f97Let’s Encrypt SSL\u6191\u8b49\uff0c\u6307\u5b9a\u4f60\u7684domain-name.com<\/p>\n

sudo certbot certonly –standalone –agree-tos –preferred-challenges http -d learn-house.idv.tw<\/p><\/blockquote>\n

[c]\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nPlugins selected: Authenticator standalone, Installer None\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\ncancel): \u8f38\u5165\u4f60\u7684mail\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about our work\nencrypting the web, EFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: \u53ef\u9078\u64c7N\n\nObtaining a new certificate\nPerforming the following challenges:\nhttp-01 challenge for learn-house.idv.tw\nCleaning up challenges\nProblem binding to port 80: Could not bind to IPv4 or IPv6.\n\nIMPORTANT NOTES:\n - Your account credentials have been saved in your Certbot\n   configuration directory at \/etc\/letsencrypt. You should make a\n   secure backup of this folder now. This configuration directory will\n   also contain certificates and private keys obtained by Certbot so\n   making regular backups of this folder is ideal.\n[\/c]<\/pre>\n
5. \u81ea\u52d5\u5b89\u88ddSSL\u6191\u8b49\u3002\u8981\u5148\u5b89\u88ddCertBot\u5de5\u5177\uff0c\u57f7\u884c\u5f8c\u82e5\u6c92\u8a2d\u5b9a443 port\u7684vitrualhouse\u5247\u6703\u81ea\u52d5\u5e6b\u4f60\u5efa\u4e00\u500b\uff0c\u82e5\u5df2\u7d93\u6709\u5efa\u7acb\u5247\u6703\u81ea\u52d5\u627e\u5230\u4f60virtualhost\u7684\u8a2d\u5b9a\u6a94\u66f4\u65b0<\/p>\n
sudo apt install python3-certbot-apache<\/p><\/blockquote>\n
sudo certbot –apache –agree-tos –preferred-challenges http -d learn-house.idv.tw<\/p><\/blockquote>\n
[c]\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nPlugins selected: Authenticator apache, Installer apache\nObtaining a new certificate\nPerforming the following challenges:\nhttp-01 challenge for learn-house.idv.tw\nEnabled Apache rewrite module\nWaiting for verification...\nCleaning up challenges\nDeploying Certificate to VirtualHost \/etc\/apache2\/sites-enabled\/blog.conf\n\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. You can undo this\nchange by editing your web server's configuration.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): \u53ef\u9078\u64c71\n\nCongratulations! You have successfully enabled https:\/\/learn-house.idv.tw\n\nYou should test your configuration at:\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=learn-house.idv.tw\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nIMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n   \/etc\/letsencrypt\/live\/learn-house.idv.tw\/fullchain.pem\n   Your key file has been saved at:\n   \/etc\/letsencrypt\/live\/learn-house.idv.tw\/privkey.pem\n   Your cert will expire on 2021-04-06. To obtain a new or tweaked\n   version of this certificate in the future, simply run certbot again\n   with the &quot;certonly&quot; option. To non-interactively renew *all* of\n   your certificates, run &quot;certbot renew&quot;\n - If you like Certbot, please consider supporting our work by:\n\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\n[\/c]<\/pre>\n
\u9019\u6a23\u5c31\u5927\u529f\u544a\u6210\u56c9~
\n\u53c3\u8003\u8cc7\u6599\uff1ahttps:\/\/serverspace.io\/support\/help\/how-to-get-lets-encrypt-ssl-on-ubuntu\/<\/p>\n
[2021.6.6]\u624b\u52d5\u5c55\u671f\u6191\u8b49<\/strong><\/span>
\n\u7531\u65bc5\u670817\u65e5\u672c\u4eba\u4e0d\u6703\u7528\u611b\u767c\u96fb\u5c0e\u81f4\u505c\u96fb\u5f8c\u4e3b\u6a5f\u640d\u6bc0\uff0c\u96d6\u7136\u5e73\u65e5\u6709\u5099\u4efd\u7684\u7fd2\u6163\u4e5f\u5305\u542b\u6191\u8b49\uff0c\u4f46\u6062\u5fa9\u5f8c\uff0c\u81ea\u52d5\u5c55\u671f\u7a0b\u5e8f\u537b\u6c92\u6709\u4f5c\u7528\uff0c\u5c0e\u81f4\u4eca\u65e5\u6191\u8b49\u904e\u671f\u9700\u91cd\u65b0\u57f7\u884c<\/p>\n
sudo certbot certonly –standalone –agree-tos –preferred-challenges http -d learn-house.idv.tw<\/p><\/blockquote>\n
\u4f46\u51fa\u73fe<\/p>\n
[c]Problem binding to port 80: Could not bind to IPv4 or IPv6.[\/c]<\/pre>\n
\u89e3\u6c7a\u65b9\u5f0f\u662f\u662f\u95dc\u6389\u4f60\u7684web server\u770b\u60a8\u662f\u7528apache2\u9084\u662fnginx\uff1a<\/p>\n
sudo service apache2 stop
\nor
\nsudo service nginx stop<\/p><\/blockquote>\n
[2024.10.29]No module named ‘acme.magic_typing’<\/strong><\/span>
\n\u5728\u70baImmich<\/a>\u914d\u7f6eHTTPS\u6642\u4e00\u76f4\u51fa\u73fe\u5982\u4e0b\u932f\u8aa4<\/p>\n
[c]\n$ sudo certbot certonly --standalone --agree-tos --preferred-challenges http -d your.domain.com.tw\nThe 'certbot_apache._internal.entrypoint' plugin errored while loading: No module named 'acme.magic_typing'. You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer.\nAsk for help or search for solutions at https:\/\/community.letsencrypt.org. See the logfile \/tmp\/certbot-log-gk76umpl\/log or re-run Certbot with -v for more details.\n[\/c]<\/pre>\n
\u6211\u76ee\u524d\u7684\u89e3\u6cd5\u662f\u79fb\u9664\u4e26\u91cd\u65b0\u5b89\u88dd
\n[c]sudo pip3 uninstall certbot certbot-apache acme
\nsudo apt install –reinstall python3-certbot-apache python3-acme python3-certbot certbot[\/c]<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6211\u5011\u90fd\u77e5\u9053https\u662f\u4e00\u500b\u5b89\u5168\u7684\u9023\u7dda\u52a0\u5bc6\u6a5f\u5236\uff0c\u4f46\u4e00\u60f3\u5230\u7533\u8acb\u6191\u8b49\u5c31\u9700\u8981\u4ed8\u4e00\u5927\u7b46\u8cbb\u7528\u3002\u82e5\u975e\u662f\u5546\u696d\u7db2\u7ad9\u50cf\u6211\u9019\u6a23\u7684\u500b\u4eba…<\/span><\/p>\n
Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-3095","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/3095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3095"}],"version-history":[{"count":4,"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/3095\/revisions"}],"predecessor-version":[{"id":4155,"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/3095\/revisions\/4155"}],"wp:attachment":[{"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/learn-house.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}